packages feed

amazonka-route53-2.0: gen/Amazonka/Route53/CreateKeySigningKey.hs

{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Route53.CreateKeySigningKey
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a new key-signing key (KSK) associated with a hosted zone. You
-- can only have two KSKs per hosted zone.
module Amazonka.Route53.CreateKeySigningKey
  ( -- * Creating a Request
    CreateKeySigningKey (..),
    newCreateKeySigningKey,

    -- * Request Lenses
    createKeySigningKey_callerReference,
    createKeySigningKey_hostedZoneId,
    createKeySigningKey_keyManagementServiceArn,
    createKeySigningKey_name,
    createKeySigningKey_status,

    -- * Destructuring the Response
    CreateKeySigningKeyResponse (..),
    newCreateKeySigningKeyResponse,

    -- * Response Lenses
    createKeySigningKeyResponse_httpStatus,
    createKeySigningKeyResponse_changeInfo,
    createKeySigningKeyResponse_keySigningKey,
    createKeySigningKeyResponse_location,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.Route53.Types

-- | /See:/ 'newCreateKeySigningKey' smart constructor.
data CreateKeySigningKey = CreateKeySigningKey'
  { -- | A unique string that identifies the request.
    callerReference :: Prelude.Text,
    -- | The unique string (ID) used to identify a hosted zone.
    hostedZoneId :: ResourceId,
    -- | The Amazon resource name (ARN) for a customer managed key in Key
    -- Management Service (KMS). The @KeyManagementServiceArn@ must be unique
    -- for each key-signing key (KSK) in a single hosted zone. To see an
    -- example of @KeyManagementServiceArn@ that grants the correct permissions
    -- for DNSSEC, scroll down to __Example__.
    --
    -- You must configure the customer managed customer managed key as follows:
    --
    -- [Status]
    --     Enabled
    --
    -- [Key spec]
    --     ECC_NIST_P256
    --
    -- [Key usage]
    --     Sign and verify
    --
    -- [Key policy]
    --     The key policy must give permission for the following actions:
    --
    --     -   DescribeKey
    --
    --     -   GetPublicKey
    --
    --     -   Sign
    --
    --     The key policy must also include the Amazon Route 53 service in the
    --     principal for your account. Specify the following:
    --
    --     -   @\"Service\": \"dnssec-route53.amazonaws.com\"@
    --
    -- For more information about working with a customer managed key in KMS,
    -- see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html Key Management Service concepts>.
    keyManagementServiceArn :: Prelude.Text,
    -- | A string used to identify a key-signing key (KSK). @Name@ can include
    -- numbers, letters, and underscores (_). @Name@ must be unique for each
    -- key-signing key in the same hosted zone.
    name :: Prelude.Text,
    -- | A string specifying the initial status of the key-signing key (KSK). You
    -- can set the value to @ACTIVE@ or @INACTIVE@.
    status :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'CreateKeySigningKey' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'callerReference', 'createKeySigningKey_callerReference' - A unique string that identifies the request.
--
-- 'hostedZoneId', 'createKeySigningKey_hostedZoneId' - The unique string (ID) used to identify a hosted zone.
--
-- 'keyManagementServiceArn', 'createKeySigningKey_keyManagementServiceArn' - The Amazon resource name (ARN) for a customer managed key in Key
-- Management Service (KMS). The @KeyManagementServiceArn@ must be unique
-- for each key-signing key (KSK) in a single hosted zone. To see an
-- example of @KeyManagementServiceArn@ that grants the correct permissions
-- for DNSSEC, scroll down to __Example__.
--
-- You must configure the customer managed customer managed key as follows:
--
-- [Status]
--     Enabled
--
-- [Key spec]
--     ECC_NIST_P256
--
-- [Key usage]
--     Sign and verify
--
-- [Key policy]
--     The key policy must give permission for the following actions:
--
--     -   DescribeKey
--
--     -   GetPublicKey
--
--     -   Sign
--
--     The key policy must also include the Amazon Route 53 service in the
--     principal for your account. Specify the following:
--
--     -   @\"Service\": \"dnssec-route53.amazonaws.com\"@
--
-- For more information about working with a customer managed key in KMS,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html Key Management Service concepts>.
--
-- 'name', 'createKeySigningKey_name' - A string used to identify a key-signing key (KSK). @Name@ can include
-- numbers, letters, and underscores (_). @Name@ must be unique for each
-- key-signing key in the same hosted zone.
--
-- 'status', 'createKeySigningKey_status' - A string specifying the initial status of the key-signing key (KSK). You
-- can set the value to @ACTIVE@ or @INACTIVE@.
newCreateKeySigningKey ::
  -- | 'callerReference'
  Prelude.Text ->
  -- | 'hostedZoneId'
  ResourceId ->
  -- | 'keyManagementServiceArn'
  Prelude.Text ->
  -- | 'name'
  Prelude.Text ->
  -- | 'status'
  Prelude.Text ->
  CreateKeySigningKey
newCreateKeySigningKey
  pCallerReference_
  pHostedZoneId_
  pKeyManagementServiceArn_
  pName_
  pStatus_ =
    CreateKeySigningKey'
      { callerReference =
          pCallerReference_,
        hostedZoneId = pHostedZoneId_,
        keyManagementServiceArn = pKeyManagementServiceArn_,
        name = pName_,
        status = pStatus_
      }

-- | A unique string that identifies the request.
createKeySigningKey_callerReference :: Lens.Lens' CreateKeySigningKey Prelude.Text
createKeySigningKey_callerReference = Lens.lens (\CreateKeySigningKey' {callerReference} -> callerReference) (\s@CreateKeySigningKey' {} a -> s {callerReference = a} :: CreateKeySigningKey)

-- | The unique string (ID) used to identify a hosted zone.
createKeySigningKey_hostedZoneId :: Lens.Lens' CreateKeySigningKey ResourceId
createKeySigningKey_hostedZoneId = Lens.lens (\CreateKeySigningKey' {hostedZoneId} -> hostedZoneId) (\s@CreateKeySigningKey' {} a -> s {hostedZoneId = a} :: CreateKeySigningKey)

-- | The Amazon resource name (ARN) for a customer managed key in Key
-- Management Service (KMS). The @KeyManagementServiceArn@ must be unique
-- for each key-signing key (KSK) in a single hosted zone. To see an
-- example of @KeyManagementServiceArn@ that grants the correct permissions
-- for DNSSEC, scroll down to __Example__.
--
-- You must configure the customer managed customer managed key as follows:
--
-- [Status]
--     Enabled
--
-- [Key spec]
--     ECC_NIST_P256
--
-- [Key usage]
--     Sign and verify
--
-- [Key policy]
--     The key policy must give permission for the following actions:
--
--     -   DescribeKey
--
--     -   GetPublicKey
--
--     -   Sign
--
--     The key policy must also include the Amazon Route 53 service in the
--     principal for your account. Specify the following:
--
--     -   @\"Service\": \"dnssec-route53.amazonaws.com\"@
--
-- For more information about working with a customer managed key in KMS,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html Key Management Service concepts>.
createKeySigningKey_keyManagementServiceArn :: Lens.Lens' CreateKeySigningKey Prelude.Text
createKeySigningKey_keyManagementServiceArn = Lens.lens (\CreateKeySigningKey' {keyManagementServiceArn} -> keyManagementServiceArn) (\s@CreateKeySigningKey' {} a -> s {keyManagementServiceArn = a} :: CreateKeySigningKey)

-- | A string used to identify a key-signing key (KSK). @Name@ can include
-- numbers, letters, and underscores (_). @Name@ must be unique for each
-- key-signing key in the same hosted zone.
createKeySigningKey_name :: Lens.Lens' CreateKeySigningKey Prelude.Text
createKeySigningKey_name = Lens.lens (\CreateKeySigningKey' {name} -> name) (\s@CreateKeySigningKey' {} a -> s {name = a} :: CreateKeySigningKey)

-- | A string specifying the initial status of the key-signing key (KSK). You
-- can set the value to @ACTIVE@ or @INACTIVE@.
createKeySigningKey_status :: Lens.Lens' CreateKeySigningKey Prelude.Text
createKeySigningKey_status = Lens.lens (\CreateKeySigningKey' {status} -> status) (\s@CreateKeySigningKey' {} a -> s {status = a} :: CreateKeySigningKey)

instance Core.AWSRequest CreateKeySigningKey where
  type
    AWSResponse CreateKeySigningKey =
      CreateKeySigningKeyResponse
  request overrides =
    Request.postXML (overrides defaultService)
  response =
    Response.receiveXML
      ( \s h x ->
          CreateKeySigningKeyResponse'
            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
            Prelude.<*> (x Data..@ "ChangeInfo")
            Prelude.<*> (x Data..@ "KeySigningKey")
            Prelude.<*> (h Data..# "Location")
      )

instance Prelude.Hashable CreateKeySigningKey where
  hashWithSalt _salt CreateKeySigningKey' {..} =
    _salt
      `Prelude.hashWithSalt` callerReference
      `Prelude.hashWithSalt` hostedZoneId
      `Prelude.hashWithSalt` keyManagementServiceArn
      `Prelude.hashWithSalt` name
      `Prelude.hashWithSalt` status

instance Prelude.NFData CreateKeySigningKey where
  rnf CreateKeySigningKey' {..} =
    Prelude.rnf callerReference
      `Prelude.seq` Prelude.rnf hostedZoneId
      `Prelude.seq` Prelude.rnf keyManagementServiceArn
      `Prelude.seq` Prelude.rnf name
      `Prelude.seq` Prelude.rnf status

instance Data.ToElement CreateKeySigningKey where
  toElement =
    Data.mkElement
      "{https://route53.amazonaws.com/doc/2013-04-01/}CreateKeySigningKeyRequest"

instance Data.ToHeaders CreateKeySigningKey where
  toHeaders = Prelude.const Prelude.mempty

instance Data.ToPath CreateKeySigningKey where
  toPath = Prelude.const "/2013-04-01/keysigningkey"

instance Data.ToQuery CreateKeySigningKey where
  toQuery = Prelude.const Prelude.mempty

instance Data.ToXML CreateKeySigningKey where
  toXML CreateKeySigningKey' {..} =
    Prelude.mconcat
      [ "CallerReference" Data.@= callerReference,
        "HostedZoneId" Data.@= hostedZoneId,
        "KeyManagementServiceArn"
          Data.@= keyManagementServiceArn,
        "Name" Data.@= name,
        "Status" Data.@= status
      ]

-- | /See:/ 'newCreateKeySigningKeyResponse' smart constructor.
data CreateKeySigningKeyResponse = CreateKeySigningKeyResponse'
  { -- | The response's http status code.
    httpStatus :: Prelude.Int,
    changeInfo :: ChangeInfo,
    -- | The key-signing key (KSK) that the request creates.
    keySigningKey :: KeySigningKey,
    -- | The unique URL representing the new key-signing key (KSK).
    location :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'CreateKeySigningKeyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'createKeySigningKeyResponse_httpStatus' - The response's http status code.
--
-- 'changeInfo', 'createKeySigningKeyResponse_changeInfo' - Undocumented member.
--
-- 'keySigningKey', 'createKeySigningKeyResponse_keySigningKey' - The key-signing key (KSK) that the request creates.
--
-- 'location', 'createKeySigningKeyResponse_location' - The unique URL representing the new key-signing key (KSK).
newCreateKeySigningKeyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  -- | 'changeInfo'
  ChangeInfo ->
  -- | 'keySigningKey'
  KeySigningKey ->
  -- | 'location'
  Prelude.Text ->
  CreateKeySigningKeyResponse
newCreateKeySigningKeyResponse
  pHttpStatus_
  pChangeInfo_
  pKeySigningKey_
  pLocation_ =
    CreateKeySigningKeyResponse'
      { httpStatus =
          pHttpStatus_,
        changeInfo = pChangeInfo_,
        keySigningKey = pKeySigningKey_,
        location = pLocation_
      }

-- | The response's http status code.
createKeySigningKeyResponse_httpStatus :: Lens.Lens' CreateKeySigningKeyResponse Prelude.Int
createKeySigningKeyResponse_httpStatus = Lens.lens (\CreateKeySigningKeyResponse' {httpStatus} -> httpStatus) (\s@CreateKeySigningKeyResponse' {} a -> s {httpStatus = a} :: CreateKeySigningKeyResponse)

-- | Undocumented member.
createKeySigningKeyResponse_changeInfo :: Lens.Lens' CreateKeySigningKeyResponse ChangeInfo
createKeySigningKeyResponse_changeInfo = Lens.lens (\CreateKeySigningKeyResponse' {changeInfo} -> changeInfo) (\s@CreateKeySigningKeyResponse' {} a -> s {changeInfo = a} :: CreateKeySigningKeyResponse)

-- | The key-signing key (KSK) that the request creates.
createKeySigningKeyResponse_keySigningKey :: Lens.Lens' CreateKeySigningKeyResponse KeySigningKey
createKeySigningKeyResponse_keySigningKey = Lens.lens (\CreateKeySigningKeyResponse' {keySigningKey} -> keySigningKey) (\s@CreateKeySigningKeyResponse' {} a -> s {keySigningKey = a} :: CreateKeySigningKeyResponse)

-- | The unique URL representing the new key-signing key (KSK).
createKeySigningKeyResponse_location :: Lens.Lens' CreateKeySigningKeyResponse Prelude.Text
createKeySigningKeyResponse_location = Lens.lens (\CreateKeySigningKeyResponse' {location} -> location) (\s@CreateKeySigningKeyResponse' {} a -> s {location = a} :: CreateKeySigningKeyResponse)

instance Prelude.NFData CreateKeySigningKeyResponse where
  rnf CreateKeySigningKeyResponse' {..} =
    Prelude.rnf httpStatus
      `Prelude.seq` Prelude.rnf changeInfo
      `Prelude.seq` Prelude.rnf keySigningKey
      `Prelude.seq` Prelude.rnf location